Adversaries may publish dormant Copilot Studio AI agents to maintain persistent access or exfiltrate data undetected. SOC teams should proactively hunt for these agents in Azure Sentinel to identify and mitigate potential long-term threats and reduce unnecessary exposure.
KQL Query

```kql
let ActiveAgents =
CloudAppEvents
| where Timestamp > ago(30d)
| where ActionType == "CopilotInteraction"
| where RawEventData.AppIdentity startswith "Copilot.studio"
| extend AppIdentity = iff(isnotempty(RawEventData.CopilotEventData.AppIdentity), RawEventData.CopilotEventData.AppIdentity, RawEventData.AppIdentity)
| extend AgentName = extract(@"[0-9a-fA-F]{8}(?:-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}-(.*)$", 1, tostring(AppIdentity))
| where isnotempty(AgentName)
| distinct AgentName;
AIAgentsInfo
| where RegistrySource != "A365"
| where AgentCreationTime > ago(30d)
| summarize arg_max(Timestamp, *) by AIAgentId
| where AgentStatus != "Deleted"
| where AgentStatus == "Published"
| extend AgentName2 = tostring(todynamic(RawAgentInfo)['Bot']['Attributes']['schemaname'])
| where isnotempty(AgentName2)
| where AgentName2 !in (ActiveAgents)
| project-reorder AgentCreationTime, AIAgentId, AIAgentName, AgentStatus, CreatorAccountUpn, OwnerAccountUpns
```
```yaml
id: 5e8f1a2b-3c4d-5e6f-7a8b-9c0d1e2f3a4b
name: Copilot Studio AI Agents - Published Dormant (30d)
description: |
  This query identifies Copilot Studio AI agents that are published but have not been used by any user in the organization for the last 30 days.
  Dormant agents can create unnecessary exposure and may still hold active connections or credentials, which could become a security risk if left unmanaged.
  They also increase clutter and make it harder to maintain a clean, efficient environment.
  Recommended Action: Review these agents to confirm whether they are still needed. If not, consider unpublishing or removing them.
  If they are required, validate their configuration and ensure they follow security best practices before reactivation.
requiredDataConnectors: []
tactics: []
relevantTechniques: []
query: |
  let ActiveAgents =
  CloudAppEvents
  | where Timestamp > ago(30d)
  | where ActionType == "CopilotInteraction"
  | where RawEventData.AppIdentity startswith "Copilot.studio"
  | extend AppIdentity = iff(isnotempty(RawEventData.CopilotEventData.AppIdentity), RawEventData.CopilotEventData.AppIdentity, RawEventData.AppIdentity)
  | extend AgentName = extract(@"[0-9a-fA-F]{8}(?:-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}-(.*)$", 1, tostring(AppIdentity))
  | where isnotempty(AgentName)
  | distinct AgentName;
  AIAgentsInfo
  | where RegistrySource != "A365"
  | where AgentCreationTime > ago(30d)
  | summarize arg_max(Timestamp, *) by AIAgentId
  | where AgentStatus != "Deleted"
  | where AgentStatus == "Published"
  | extend AgentName2 = tostring(todynamic(RawAgentInfo)['Bot']['Attributes']['schemaname'])
  | where isnotempty(AgentName2)
  | where AgentName2 !in (ActiveAgents)
  | project-reorder AgentCreationTime, AIAgentId, AIAgentName, AgentStatus, CreatorAccountUpn, OwnerAccountUpns
entityMappings:
  - entityType: Account
    fieldMappings:
      - identifier: FullName
        columnName: CreatorAccountUpn
  - entityType: Host
    fieldMappings:
      - identifier: HostName
        columnName: AIAgentName
version: 1.0.0
```
| Sentinel Table | Notes |
|---|---|
| CloudAppEvents | Ensure this data connector is enabled |
| AIAgentsInfo | Also queried (agent inventory records); the query returns nothing without it |
| Scenario | Filter/Exclusion |
|---|---|
| A Copilot Studio AI agent is published as part of a scheduled maintenance or reporting job that runs once a month. | Exclude agents associated with scheduled jobs (e.g., job_name LIKE '%monthly_report%' or job_type = 'scheduled'). |
| An admin publishes a test agent to validate functionality, but it is never used in production. | Exclude agents created by admin users (e.g., created_by_user_id IN (admin_user_ids) or is_admin_published = true). |
| A Copilot Studio AI agent is used only during specific hours (e.g., overnight batch processing) and is not accessed during the 30-day window. | Exclude agents used during non-business hours (e.g., last_used_time BETWEEN '00:00' AND '06:00'). |
| A Copilot Studio AI agent is part of a development or staging environment and is not used in the production environment. | Exclude agents with a specific environment tag (e.g., environment = 'staging' or environment = 'dev'). |
| A Copilot Studio AI agent is used by a single user who is on extended leave, resulting in no activity for 30 days. | Exclude agents used by users on leave (e.g., user_status = 'on_leave' or user_department = 'HR'). |

The conditions in the right-hand column are illustrative pseudo-filters: fields such as job_name, environment or user_status are not columns of CloudAppEvents or AIAgentsInfo, so each exclusion has to be rewritten against the columns the query actually carries (for example CreatorAccountUpn, OwnerAccountUpns or the agent schema name in AgentName2) before it is added to the KQL.